MalWebID: Autodetection and Identification of Malicious Web Hosts Through Live Traffic Analysis

Abstract

This thesis investigates the ability of recently devised packet-level Transmission Control Protocol (TCP) transport classifiers to discover abusive traffic flows, especially those not found via traditional methods such as signatures and real-time blocklists. Transport classification is designed to identify hosts considered to be part of abusive infrastructure without deep packet inspection. A particular focus is to understand the applicability of such methods to live, real-world network traffic obtained from the Naval Postgraduate School campus enterprise network. This research evaluates both how consistent and how complementary transport traffic classification is with known blocklists. In particular, the system has a 97.8% average accuracy with respect to blocklist ground truth, while also correctly identifying 94% of flows to abusive hosts unknown to the blocklists, as verified through manual sampling.

Document Details

Document Type
Technical Report
Publication Date
Mar 01, 2013
Accession Number
ADA580681

Entities

People

  • Tony Nichols

Organizations

  • Naval Postgraduate School

Tags

Communities of Interest

  • C4I
  • Cyber
  • Materials and Manufacturing Processes
  • Space

DTIC Thesaurus Topics

  • Application Protocols
  • Computer Network Security
  • Computer Networks
  • Computers
  • Department Of Defense
  • Electronic Mail
  • Information Operations
  • Information Science
  • Information Systems
  • Machine Learning
  • Network Protocols
  • Network Science
  • Social Media
  • Statistical Analysis
  • Supervised Machine Learning
  • Test Methods
  • Transport Protocols

Fields of Study

  • Computer science

Readers

  • Computational Modeling and Simulation
  • Computer Networking
  • Computer Vision